Opinion: Privacy aside, why chip IDs are a bad idea
February 16, 1999
Web posted at: 10:33 a.m. EST (1533 GMT)
by Scott Bradner
(IDG) -- Intel claimed it was just trying to enable electronic commerce. But what the company did was only marginally useful for e-commerce, scared the privacy advocates, and got Intel headlined dead center at the top of The New York Times' front page.
Intel thought it would be a good thing to be able to tell one computer from another, so the company added a unique serial number to each of its new Pentium III processors. There are a number of reasons this might be useful. Intel suggested the serial number could be used to tell e-commerce users apart on the 'Net. It also could be used to track down stolen processor chips and computers. In a throwback to some mainframe software, the serial number could let vendors tie software licenses to individual machines. Because these goals seem reasonable, Intel must have been shocked by the reaction to its announcement.
Privacy groups reacted quickly and very negatively. Here was something that could become the Internet equivalent of a Social Security number -- something that could be used to identify a user wandering around the World Wide Web. At the minimum, this could spawn unwanted sales e-mail and calls; at worst, it could be used to build dossiers on Internet users.
The press quickly picked up on the privacy groups' vehement denunciation of Intel's plan. Intel then wasted little time in announcing that the serial number feature would be disabled by default, and a user would actively have to turn it on.
This did not satisfy the privacy groups because browsers and other software could surreptitiously re-enable the serial number feature at any time. The privacy groups have now asked the Federal Trade Commission to force Intel to recall any early Pentium III chips that have been shipped and prohibit Intel from shipping any more with the feature.
Ironically, while a serial number is a legitimate worry to people who would like to preserve what little privacy we have left, it is not reliable enough to be used in e-commerce. E-commerce requires the identification of an individual, but a processor serial number identifies the processor in a computer. Because users switch between computers and many computers are used by multiple people, a processor serial number identifies the wrong thing for e-commerce.
It would have been far more useful if Intel had worked instead on an inexpensive and reliable smart card and reader. If PCs came equipped with such readers, users could plug in a card to identify themselves when engaging in e-commerce and not at other times. Users could anonymously buy packs of these smart cards to use in different activities or with different vendors.